Date: Tue, 9 Apr 2002 23:16:21 +0300 (EEST)
From: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To: <freebsd-security@freebsd.org>
Subject: Re: zlib double-free security notification
Message-ID: <Pine.BSF.4.31.0204092308130.20113-100000@atlantis.dp.ua>
In-Reply-To: <20020409040344.36061.qmail@web11802.mail.yahoo.com.lucky.freebsd.security>
Hello!

On Tue, 9 Apr 2002, X Philius wrote:

> Security Folks,
> Are there any exploits out there that take advantage of this hole? I am
> running 4.4 Release, and have been watching the security notifications
> list for patches that I *really* need to run. So, if I want to keep
> things as simple as possible, would you recommend patching to fix this
> issue? If it is just a matter of possible DOS issues, versus actual
> known exploits, I'll probably skip it.

If you don't want to break the functionality of /sys/net/zlib.c, don't apply the patch proposed by FreeBSD-SA-02:18.zlib - it will crash your patched kernel if you try to use pppd with deflate compression enabled (at least I got a kernel panic almost immediately during an experiment on a patched 4.5-RELEASE). The bug has been fixed in all security branches (RELENG_4_5 etc), but the security advisory still points to a buggy patch. Better fetch the correct version of this file from the CVS repository. Beware of it!

Sincerely, Dmitry
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message